 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
5 |
 |
Members:
0 |
 |
Total:
5 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 05/20/2002 1:34 PM |
|
| Ok, well this is sort of a first. In this case I'm WARNING you about a HOAX. It seems that a note has been spreading around the internet about a "virus" called sulfnbk.exe that will do damage to your computer. While that virus might have been infected by a REAL virus (if you for some reason weren't running virus software), the file itself is a system file you might need someday. I've had 4 people helpfully warn me about this hoax. This warning is a hoax, but nonetheless it's dangerous as it encourages you to delete a potentially useful system file off your hard drive. Had the file been more critical to the operation of your computer, it might even damage your computer or make it not boot or not work - but this time we got lucky. In order to educate you about hoaxes, I'm going to republish some of the content of the hoax message, show you how you can identify a "hoax" message from a real one, and give you a few links to look up hoaxes at. This particular hoax can be seen at Symantec's excellent hoax encyclopedia at the following link:
http://www.sarc.com/avcenter/venc/data/sulfnbk.exe.warning.html
Protecting Yourself
In the case of a hoax, protecting yourself consists of using some common sense, and examining the message you're receiving closely before taking any action on it. First off - where is the message coming from - is it from a "friend who passed it on" with about a jillion forwards on it? Or is it from a known source such as McAfee, Norton, the Viruswarning list, etc. Most of the major virus software manufacturers have warning lists, and we try to keep up with the biggest ones here, so if you want email warnings, better to get it from them, than to believe what your friends pass on. In many cases these friends aren't all that experienced with computers themselves (especially if they're passing along stuff like this). If you get stuff like this from a friend, be VERY CAREFUL about anything you receive from them in the future - they're not taking good precautions, or being sensible. In general the best bet is to reply to the sender after investigating the hoax and gently letting them know it's a hoax and they shouldn't pass along stuff they've not researched themselves.
Let's look at the text from the sulfnbk.exe hoax and take it apart:
Do you believe that a friend of mine sent me an alert and the procedure that we have to follow for the possible infection of SULFNBK.EXE. And I had checked, just to make sure. An then... the file was there, hidden even of McAfee and Norton, maybe waiting something to start work.
(This sort of incredulous intro is pretty typical...)
Well, see bellow the procedure that I followed step by step, and I found the file:
(Misspellings in these sorts of messages are common - if there's lots of misspellings, and they're not consistent with your friends writing style it should raise a flag)
1. Start/Find Folders. Type the file name: SULFNBK.EXE
2. If it find, open Windows Explorer, browse into the folder where the file is and delete it. Do not click with left button on the file and do not open it.
3. Just delete it
4. Mine was on Windows/Command
5. The virus from the person who gave the alert was on Windows/Config
Yes, Norton and McAfee do not detect it.
(BS. If there is a significant virus threat, Norton and McAfee usually have updates out within 24-36 hours. If the message says they don't detect it, go to the vendors site, and do a search on the file name or the virus name. Nine times out of ten it'll probably show up in the hoax list).
We do not know if it makes some damage on the machine, but I think that anybody will not want to test it to know, will it?
(This is a perfect way to instill fear uncertainty and doubt into you - don't fall for it - real virus warning should tell you the damage the virus does, and the exact method of infection, as well as telltale signs you might have been infected, or text from the email message used as a vector)
Folks, this is not fun, I deleted it from my computer.
And my definitions are updated.
Do the same, ok?
A new version of this hoax has additional text stating the virus will activate on June 1st:
It was brought to my attention yesterday that a virus is in circulation via email. I looked for it and to my surprise I found it on mine. ..Please follow the directions and remove it from yours TODAY!!!!!!!
No Virus software can detect it. It will become active on June 1, 2001. It might be too late by then. It wipes out all files and folders on the hard drive. This virus travels thru E-mail and migrates to the
'C:\windows\command' folder.
(Here's the "no virus scanner can detect it part" again. If no scanner could detect it, don't you think it would be all over the press in about 2 seconds) :)
The bad part is: You need to contact everyone you have sent ANY E-mail to in the past few months. Many major companies have found this virus on their computers. Please help your friends !!!!!!!!
Here's the real kicker part - this sort of message on ANY message (pass this along to all your friends) should always set off alarm bells in your head. If you get a message like this, whatever the content, DO NOT pass it along to all your friends - it wastes bandwidth and is potentially dangerous. If you're really concerned about one of these, and can't find it in Norton or McAfee's web site, forward it to myself, Dave or Brett for analysis.
DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE. McAFEE and NORTON CANNOT DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS UNTIL JUNE 1ST.
Again - a flag to tell you that this is bull - virus's and virus scanners don't work this way, once a virus is found and identified, the scanner creates a "Signature" that all variants of the virus carry - some particular sequence of code unique to that virus, and that's what sets off the scanner. So something couldn't "become" a virus on the 1st - it either is or isn't. It might ACTIVATE on the first, but that's a different story, and wouldn't prevent a virus scanner from finding it. The all caps is another clue...
WHATEVER YOU DO, DO NOT OPEN THE FILE!!!
Well that's the only good advice in here.... :)
Protecting Yourself - resources
Symantec's hoax site: http://www.symantec.com/avcenter/hoax.html
McAfee's hoax site: http://vil.mcafee.com/hoax.asp?
F-Secure's hoax site: http://www.f-secure.com/virus-info/hoax/
If you received a copy of this from a friend you can sign up for the viruswarning list and get these messages directly from us. Check out my website for instructions:
http://www.leedrake.com/virus_notification.htm
All sites have an email notification option for REAL viruses, and for hoax warnings in some cases.
This concludes this VirusWarn notice.
Lee Drake, Moderator |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|